﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.


using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace MyIds4Server
{
    public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            { 
                //for OpenIDConnect interactive user
                new IdentityResources.OpenId(),                
                new IdentityResources.Profile()
            };

        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            {
                 new ApiScope("myapione", "My API One"),
                new ApiScope("myliswaggerapi",  "MyLi Swagger Api")
            };

        public static IEnumerable<Client> Clients =>
            new Client[] 
            {
                new Client()
                {
                    ClientId = "myclientone",

                    // no interactive user, use the clientid/secret for authentication
                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    // secret for authentication
                    ClientSecrets =
                    {
                        new Secret("12345".Sha256())
                    },

                    // scopes that client has access to
                    AllowedScopes = { "myapione" }
                },
                new Client()
                {
                    //for OpenIDConnect interactive user
                    ClientId = "mymvcclientone",
                    ClientSecrets = { new Secret("12345".Sha256()) },

                    AllowedGrantTypes = GrantTypes.Code,

                    // where to redirect to after login
                    RedirectUris = { "http://localhost:5002/signin-oidc" },

                    // where to redirect to after logout
                    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

                    //1.to two parts together
                    AllowOfflineAccess = true,
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        //1.to two parts together
                        "myapione"
                    }       
                },
                // JavaScript Client
                new Client
                {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequireClientSecret = false,

                    RedirectUris =           { "http://localhost:5003/callback.html" },
                    PostLogoutRedirectUris = { "http://localhost:5003/index.html" },
                    AllowedCorsOrigins =     { "http://localhost:5003" },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "myapione"
                    }
                },
                //Device Client 
                new Client
                {
                    ClientId = "deviceclientone",//客户端ID                             
                    AllowedGrantTypes = GrantTypes.DeviceFlow, //验证类型：设备流模式
                    RequireConsent = true,          //手动确认授权
                    ClientSecrets ={ new Secret("12345".Sha256())},    //密钥和加密方式
                    AllowedScopes = { "myapione" },        //允许访问的api服务
                    AlwaysIncludeUserClaimsInIdToken=true
                },new Client
                {
                    ClientId = "myliswaggerapi",
                    ClientName = "myliswaggerapi Swagger UI",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RedirectUris = { $"http://localhost:5003/swagger/oauth2-redirect.html" },
                    PostLogoutRedirectUris = { $"http://localhost:5003/swagger/" },

                    AllowedScopes =
                    {
                        "myliswaggerapi"
                    }
                },

            };
    }
}